Internet Draft Mark Bakke
<draft-ietf-ips-iscsi-mib-08.txt> Jim Muchow
Expires May 2003 Cisco Systems
Marjorie Krueger
Hewlett-Packard
Tom McSweeney
IBM
November 2002
Definitions of Managed Objects for iSCSI
Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.html.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Copyright Notice
Copyright (C) The Internet Society (2001). All Rights Reserved.
Abstract
This memo defines a portion of the Management Information Base (MIB)
for use with network management protocols in TCP/IP based internets.
In particular it defines objects for managing a client using the
iSCSI (SCSI over TCP) protocol.
Bakke, Muchow Expires May 2003 [Page 1]

Internet Draft iSCSI MIB November 2002
o An overall architecture, described in RFC 2571 [RFC2571].
o Mechanisms for describing and naming objects and events for the
purpose of management. The first version of this Structure of
Management Information (SMI) is called SMIv1 and described in
STD 16, RFC 1155 [RFC1155], STD 16, RFC 1212 [RFC1212] and RFC 1215
[RFC1215]. The second version, called SMIv2, is described
in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and
STD 58, RFC 2580 [RFC2580].
o Message protocols for transferring management information. The
first version of the SNMP message protocol is called SNMPv1 and
described in STD 15, RFC 1157 [RFC1157]. A second version of
the SNMP message protocol, which is not an Internet standards
track protocol, is called SNMPv2c and described in RFC 1901
[RFC1901] and RFC 1906 [RFC1906]. The third version of the
message protocol is called SNMPv3 and described in RFC 1906
[RFC1906], RFC 2572 [RFC2572] and RFC 2574 [RFC2574].
o Protocol operations for accessing management information. The
first set of protocol operations and associated PDU formats is
described in STD 15, RFC 1157 [RFC1157]. A second set of
protocol operations and associated PDU formats is described in
RFC 1905 [RFC1905].
o A set of fundamental applications described in RFC 2573
[RFC2573] and the view-based access control mechanism described
in RFC 2575 [RFC2575].
A more detailed introduction to the current SNMP Management Framework
can be found in RFC 2570 [RFC2570].
Managed objects are accessed via a virtual information store, termed
the Management Information Base or MIB. Objects in the MIB are
defined using the mechanisms defined in the SMI.
This memo specifies a MIB module that is compliant to the SMIv2. A
MIB conforming to the SMIv1 can be produced through the appropriate
translations. The resulting translated MIB must be semantically
equivalent, except where objects or events are omitted because no
translation is possible (use of Counter64). Some machine readable
information in SMIv2 will be converted into textual descriptions in
SMIv1 during the translation process. However, this loss of machine
readable information is not considered to change the semantics of the
MIB.
2. Relationship to Other MIBs
The iSCSI MIB is layered between the SCSI MIB [SCSI-MIB] (work in
progress) and the TCP MIB [RFC2012], and makes use of the IPS
Identity Authentication MIB [AUTH-MIB] (work in progress). Here is
how the MIBs are related:
SCSI MIB   Each iscsiNode, whether it has an initiator role, target
           role, or both, is related to one SCSI device within the
           SCSI MIB. The iscsiNodeTransportType attribute points to
           the SCSI transport object within the SCSI MIB, which in
           turn contains an attribute that points back to the
           iscsiNode. In this way, a management station can navigate
           between the two MIBs.
TCP MIB    Each iSCSI connection is related to one transport-level
           connection. Currently, iSCSI uses only TCP; the iSCSI
           connection is related to a TCP connection using its normal
           (protocol, source address, source port, destination
           address, destination port) 5-tuple.
AUTH MIB   Each iSCSI node that serves a target role can have a list
           of authorized initiators. Each of the entries in this list
           points to an identity within the IPS Identity
           Authentication MIB that will be allowed to access the
           target. iSCSI nodes that serve in an initiator role can
           also have a list of authorized targets. Each of the
           entries in this list points to an identity within the Auth
           MIB to which the initiator should attempt to establish
           sessions. The Auth MIB includes information used to
           identify initiators and targets by their iSCSI name, IP
           address, and/or credentials.
3. Discussion
This MIB structure supplies configuration, fault, and statistics
information for iSCSI devices [ISCSI]. It is structured around the
well-known iSCSI objects, such as targets, initiators, sessions,
connections, and the like.
This MIB may also be used to configure access to iSCSI targets, by
creating iSCSI Portals and authorization list entries.
It is worthwhile to note that this is an iSCSI MIB and as such
reflects only iSCSI objects. This MIB does not contain information
about the SCSI-layer attributes of a device. The SCSI MIB, currently
under development, is related to the iSCSI MIB and contains the SCSI
information about a device.
The iSCSI MIB consists of several "objects", each of which is
represented by one or more tables. This section contains a brief
description of the "object" hierarchy and a description of each
object, followed by a discussion of the actual MIB table structure
within the objects.
3.1. iSCSI MIB Object Model
The top-level object in this structure is the iSCSI instance, which
"contains" all of the other objects.
iscsiInstance
   -- A distinct iSCSI entity within the managed system.
   iscsiPortal
      -- An IP address used by this instance
      iscsiTargetPortal
         -- Contains portal information relevant when the portal
         -- is used to listen for connections to its targets.
      iscsiInitiatorPortal
         -- Contains portal information relevant when the portal
         -- is used to initiate connections to other targets.
   iscsiNode
      -- An iSCSI node can act as an initiator, a target, or both.
      -- Contains generic (non-role-specific) information.
      iscsiTarget
         -- Target-specific iSCSI node information.
         iscsiTgtAuth
            -- A list of initiator identities that are allowed
            -- access to this target.
      iscsiInitiator
         -- Initiator-specific iSCSI node information.
         iscsiIntrAuth
            -- A list of target identities to which this initiator
            -- is configured to establish sessions.
      iscsiSession
         -- An active iSCSI session between an initiator and target.
         -- The session's direction may be Inbound (outside
         -- initiator to our target) or Outbound (our initiator to
         -- an outside target).
         iscsiConnection
            -- An active TCP connection within an iSCSI session
An iSCSI Node can be an initiator, a target, or both. The iSCSI
Node's portals may be used to initiate connections (initiator) or
listen for connections (target), depending on whether the iSCSI Node
is acting as an initiator or target. The iSCSI MIB assumes that any
target may be accessed via any portal that can take on a target role,
although other access controls not reflected in the MIB might limit
this.
3.2. iSCSI MIB Table Structure
Each iSCSI object exports one or more tables: an attributes table,
and zero or more statistics tables which augment the attributes
table. Since iSCSI is an evolving standard, it is much cleaner to
provide statistics and attributes as separate tables, allowing
attributes and statistics to be added independently. In a few cases,
there are multiple categories of statistics that will likely grow; in
this case, an object will contain multiple statistics tables.
iscsiObjects
   iscsiDescriptors
   iscsiInstance
      iscsiInstanceAttributesTable
      iscsiInstanceSsnErrorStatsTable
         -- Counts abnormal session terminations
   iscsiPortal
      iscsiPortalAttributesTable
   iscsiTargetPortal
      iscsiTgtPortalAttributesTable
   iscsiInitiatorPortal
      iscsiIntrPortalAttributesTable
   iscsiNode
      iscsiNodeAttributesTable
   iscsiTarget
      iscsiTargetAttributesTable
      iscsiTargetLoginStatsTable
         -- Counts successful and unsuccessful logins
      iscsiTargetLogoutStatsTable
         -- Counts normal and abnormal logouts
   iscsiTgtAuthorization
      iscsiTgtAuthAttributesTable
   iscsiInitiator
      iscsiInitiatorAttributesTable
      iscsiInitiatorLoginStatsTable
         -- Counts successful and unsuccessful logins
      iscsiInitiatorLogoutStatsTable
         -- Counts normal and abnormal logouts
   iscsiIntrAuthorization
      iscsiIntrAuthAttributesTable
   iscsiSession
      iscsiSessionAttributesTable
      iscsiSessionStatsTable
         -- Performance-related counts (requests, responses, bytes)
      iscsiSessionCxnErrorStatsTable
         -- Counts digest errors, connection errors, etc.
   iscsiConnection
      iscsiConnectionAttributesTable
Note that this MIB does not attempt to count everything that could be
counted; it is designed to include only those counters that would be
useful for identifying performance, security, and fault problems from
a management station.
3.3. iscsiInstance
The iscsiInstanceAttributesTable is the primary table of the iSCSI
MIB. Every table entry in this MIB is "owned" by exactly one iSCSI
instance; all other table entries in the MIB include this table's
index as their primary index.
Most implementations will include just one iSCSI instance row in this
table. However, this table exists to allow for multiple virtual
instances. For example, many IP routing products now allow multiple
virtual routers. The iSCSI MIB has the same premise; a large system
could be "partitioned" into multiple, distinct virtual systems.
This also allows a single SNMP agent to proxy for multiple
subsystems, perhaps a set of stackable devices, each of which has
one or even more instances.
The instance attributes include the iSCSI vendor and version, as well
as information on the last target or initiator at the other end of a
session that caused a session failure.
The iscsiInstanceSsnErrorStatsTable augments the attributes table,
and provides statistics on session failures due to digest,
connection, or iSCSI format errors.
3.4. iscsiPortal
The iscsiPortalAttributesTable lists iSCSI portals that can either be
used to listen for connections to targets, or initiate connections to
other targets, or both.
Each entry in the table includes an IP address (either v4 or v6), and
a transport protocol (currently only TCP is defined). Each entry
that fulfills an initiator portal role has a corresponding entry in
the iscsiInitiatorPortal table; each entry that has a target portal
role has an entry in the iscsiTargetPortal table. Each portal that
serves both roles has a corresponding entry in each table.
Portal entries, along with their initiator and target portal
counterparts, may be created and destroyed through this MIB by a
management station.
When creating a new portal entry, an iscsiPortal is first created,
then the iscsiTargetPortal, iscsiInitiatorPortal, or both.
Attributes are added during creation, and may not be subsequently
modified. Creating an iscsiTargetPortal will cause the
implementation to start listening for iSCSI connections on the
portal. Creating an iscsiInitiatorPortal will not necessarily cause
connections to be established; it is left to the implementation
whether and when to make use of the portal.
When deleting a portal entry, all connections associated with that
portal entry are terminated. The implementation may either terminate
the connection immediately, or request a clean shutdown as specified
in [ISCSI]. An outbound connection (when an iscsiInitiatorPortal is
deleted) matches the portal if its iscsiCxnLocalAddr matches the
iscsiPortalAddr. An inbound connection (when an iscsiTargetPortal is
deleted) matches the portal if both its iscsiCxnLocalAddr matches the
iscsiPortalAddr, and the iscsiCxnLocalPort matches the
iscsiTargetPortalPort.
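The matching rule above decides which live connections a portal delete tears down, so it is worth checking before a management station issues one. The following is an added example, not code from this draft or from any agent implementation; the `Cxn` class, the function names, and the sample rows (documentation addresses, constructed ports) are assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Cxn:
    """Constructed stand-in for one iscsiConnectionAttributesTable row."""
    cid: int          # iscsiCxnCid
    direction: str    # direction of the owning session: "inbound" / "outbound"
    local_addr: str   # iscsiCxnLocalAddr
    local_port: int   # iscsiCxnLocalPort


def same_addr(a, b):
    """Compare parsed addresses so different spellings of one address match."""
    return ipaddress.ip_address(a) == ipaddress.ip_address(b)


def matched_by_delete(cxns, portal_addr, role, target_port=None):
    """Return the connections that deleting one portal role would terminate.

    role == "initiator": an iscsiInitiatorPortal is deleted. Outbound
        connections match on local address alone (the local port of an
        outbound connection is not part of the rule).
    role == "target": an iscsiTargetPortal is deleted. Inbound connections
        match only if local address AND local port (iscsiTargetPortalPort)
        both match.
    """
    if role == "initiator":
        return [c for c in cxns
                if c.direction == "outbound"
                and same_addr(c.local_addr, portal_addr)]
    if role == "target":
        if target_port is None:
            raise ValueError("target portal delete needs iscsiTargetPortalPort")
        return [c for c in cxns
                if c.direction == "inbound"
                and same_addr(c.local_addr, portal_addr)
                and c.local_port == target_port]
    raise ValueError("role must be 'initiator' or 'target'")


def cids(cxns):
    return [c.cid for c in cxns]


# Constructed sample rows (not from the draft).
SAMPLE_CXNS = [
    Cxn(1, "inbound", "192.0.2.10", 3260),
    Cxn(2, "inbound", "192.0.2.10", 3261),    # same address, other listener
    Cxn(3, "outbound", "192.0.2.10", 49152),
    Cxn(4, "outbound", "192.0.2.11", 49153),
    Cxn(5, "inbound", "2001:0db8:0000:0000:0000:0000:0000:0010", 3260),
    Cxn(6, "inbound", "192.0.2.11", 3260),
]

if __name__ == "__main__":
    print("delete target portal 192.0.2.10:3260 ->",
          cids(matched_by_delete(SAMPLE_CXNS, "192.0.2.10", "target", 3260)))
    print("delete initiator portal 192.0.2.10   ->",
          cids(matched_by_delete(SAMPLE_CXNS, "192.0.2.10", "initiator")))
    print("delete target portal 2001:db8::10    ->",
          cids(matched_by_delete(SAMPLE_CXNS, "2001:db8::10", "target", 3260)))
```

Comparing parsed addresses rather than strings keeps a compressed and an expanded IPv6 spelling of the same portal from being treated as different portals.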
Individual attributes within a portal, initiatorPortal, or
targetPortal entry may not be modified. For instance, changing the IP
address of a portal requires that the portal entries associated with
the old IP address be deleted, and new entries be created (in either
order).
3.5. iscsiTargetPortal
The iscsiTargetPortalAttributesTable contains target-specific
attributes for iSCSI Portals. Entries in this table use the same
indices as their corresponding entries in the
iscsiPortalAttributesTable. An entry in this table is created when
the targetTypePortal bit is set in the iscsiPortalRoles attribute; it
is destroyed when this bit is cleared.
This table contains the TCP (or other protocol) port on which the
socket is listening for incoming connections. It also includes a
portal group aggregation tag; iSCSI target portals within this
instance sharing the same tag can contain connections within the same
session.
This table will be empty for iSCSI instances that contain only
initiators (such as iSCSI host driver implementations).
3.6. iscsiInitiatorPortal
The iscsiInitiatorPortalAttributesTable contains initiator-specific
attributes for iSCSI Portals. Entries in this table use the same
indices as their corresponding entries in the
iscsiPortalAttributesTable. An entry in this table is created when
the initiatorTypePortal bit is set in the iscsiPortalRoles attribute;
it is destroyed when this bit is cleared.
Each entry in this table contains a portal group aggregation tag,
indicating which portals an initiator may use together within a
multiple-connection session.
This table will be empty for iSCSI instances that contain only
targets (such as most iSCSI devices).
3.7. iscsiNode
The iscsiNodeAttributesTable contains a list of iSCSI nodes, each of
which may have an initiator role, a target role, or both.
This table contains the node's attributes which are common to both
roles, such as its iSCSI Name and alias string. Attributes specific
to initiators or targets are available in the iscsiTarget and
iscsiInitiator objects. Each entry in this table that can fulfill a
target role has a corresponding entry in the iscsiTarget table; each
entry that fulfills an initiator role has an entry in the
iscsiInitiator table. Nodes such as copy managers that can take on
both roles have a corresponding entry in each table.
This table also contains the login negotiations preferences for this
node. These objects indicate the values this node will offer or
prefer in the operational negotiation phase of the login process.
Each entry in the table also contains a RowPointer to the transport
table entry in the SCSI MIB which this iSCSI node represents.
3.8. iscsiTarget
The iscsiTargetAttributesTable contains target-specific attributes
for iSCSI nodes. Each entry in this table uses the same index values
as its corresponding iscsiNode entry.
This table contains attributes used to indicate the last failure that
was (or should have been) sent as a notification or trap.
This table is augmented by the iscsiTargetLoginStatsTable and the
iscsiTargetLogoutStatsTable, which count the numbers of normal and
abnormal logins and logouts to this target.
3.9. iscsiTgtAuthorization
The iscsiTgtAuthAttributesTable contains an entry for each initiator
identifier that will be allowed to access the target under which it
appears. Each entry contains a RowPointer to a user identity in the
IPS Identity Authentication MIB, which contains the name, address,
and credential information necessary to authenticate the initiator.
3.10. iscsiInitiator
The iscsiInitiatorAttributesTable contains a list of initiator-
specific attributes for iSCSI nodes. Each entry in this table uses
the same index values as its corresponding iscsiNode entry.
Most implementations will include a single entry in this table,
regardless of the number of physical interfaces the initiator may
use.
This table is augmented by the iscsiInitiatorLoginStatsTable and the
iscsiInitiatorLogoutStatsTable, which count the numbers of normal and
abnormal logins and logouts to this target.
3.11. iscsiIntrAuthorization
The iscsiIntrAuthAttributesTable contains an entry for each target
identifier to which the initiator is configured to establish a
session.
Each entry contains a RowPointer to a user identity in the IPS
Identity Authentication MIB, which contains the name, address, and
credential information necessary to identify (for discovery purposes)
and authenticate the target.
3.12. iscsiSession
The iscsiSessionAttributesTable contains a set of rows that list the
sessions known to be existing locally for each node in each iSCSI
instance.
The session type for each session indicates whether the session is
used for normal SCSI commands or for discovery using the SendTargets
text command. Discovery sessions that do not belong to any
particular node have a node index attribute of zero.
The session direction for each session indicates whether it is an
Inbound Session or an Outbound Session. Inbound sessions are from
some other initiator to the target node under which the session
appears. Outbound sessions are from the initiator node under which
the session appears to a target outside this iSCSI instance.
Many attributes may be negotiated when starting an iSCSI session.
Most of these attributes are included in the session object.
Some attributes, such as the integrity and authentication schemes,
have some standard values which can be extended by vendors to include
their own schemes. These contain an object identifier, rather than
the expected enumerated type, to allow these values to be extended by
other MIBs, such as an enterprise MIB.
The iscsiSessionStatsTable includes statistics related to
performance; it counts iSCSI data bytes and PDUs.
For implementations that support error recovery without terminating a
session, the iscsiSessionCxnErrorStatsTable contains counters for the
numbers of digest and connection errors that have occurred within the
session.
3.13. iscsiConnection
The iscsiConnectionAttributesTable contains a list of active
connections within each session. It contains the IP addresses and
TCP (or other protocol) ports of both the local and remote side of
the connection. These may be used to locate other connection-related
information and statistics in the TCP MIB [RFC2012].
The attributes table also contains a connection state. This state is
not meant to map directly to the state tables included within the
iSCSI specification; its values are meant to be simplified, higher-level
definitions of connection state that provide information more useful
to a user or network manager.
No statistics are kept for connections.
3.14. IP Addresses and TCP Port Numbers
The IP addresses in this MIB are represented by two attributes, one
of type InetAddressType, and the other of type InetAddress. These
are taken from [RFC3291], which specifies how to support addresses
that may be either IPv4 or IPv6.
The TCP port numbers that appear in a few of the structures are
described as simply port numbers, with a protocol attribute
indicating whether they are TCP ports, or something else. This will
allow the MIB to be compatible with iSCSI over transports other than
TCP in the future.
3.15. Descriptors: Using OIDs in Place of Enumerated Types
The iSCSI MIB has a few attributes, such as the authentication and
digest method attributes, where an enumerated type would work well,
except that an implementation may need to extend the attribute and
add types of its own. To make this work, the MIB defines a set of
object identities within iscsiDescriptors. Each of these object
identities is basically an enumerated type.
Attributes that make use of these object identities have a value
which is an OID instead of an enumerated type. These OIDs can either
indicate the object identities defined in this MIB, or object
identities defined elsewhere, such as in an enterprise MIB. Those
implementations that add their own authentication and digest methods
should also define a corresponding object identity for each of these
methods within their own enterprise MIB, and return its OID whenever
one of these attributes is using that method.
3.16. Notifications
Three notifications are provided. One is sent by an initiator
detecting a critical login failure; another is sent by a target
detecting a critical login failure, and the third is sent upon a
session being terminated due to an abnormal connection or digest
failure. Critical failures are defined as those that may expose
security-related problems that may require immediate action, such as
failures due to authentication, authorization, or negotiation
problems. Attributes in the initiator, target, and instance objects
provide the information necessary to send in the notification, such
as the initiator or target name and IP address at the other end that
may have caused the failure.
To avoid sending an excessive number of notifications due to multiple
errors counted, an SNMP agent implementing the iSCSI MIB should not
send more than three iSCSI notifications in any 10-second period.
The 3-in-10 rule was chosen because one notification every three
seconds was deemed often enough, but should two or three different
notifications happen at the same time, it would not be desirable to
suppress them. Three notifications in ten seconds is a happy medium,
where a short burst of notifications is allowed, without inundating
the network and/or trap host with a large number of notifications.
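The 3-in-10 rule, as an added example (not code from this draft or from any SNMP agent): a sliding-window throttle that keeps counting and updating the last-failure attributes while notifications are suppressed, next to a naive fixed-bucket limiter that lets six notifications through across a window boundary. `InitiatorState`, the function names, and all sample times and names are constructed assumptions; only the limits and the attribute names in comments come from the text.

```python
from collections import deque

MAX_NOTIFICATIONS = 3    # "not ... more than three" (section 3.16)
WINDOW_SECONDS = 10.0    # "in any 10-second period" (section 3.16)


class NotificationThrottle:
    """Sliding window: at most `limit` sends in any half-open `window`."""

    def __init__(self, limit=MAX_NOTIFICATIONS, window=WINDOW_SECONDS):
        self.limit = limit
        self.window = window
        self._sent = deque()    # times of notifications actually sent
        self.suppressed = 0

    def allow(self, now):
        # Forget sends that are a full window (or more) in the past.
        while self._sent and now - self._sent[0] >= self.window:
            self._sent.popleft()
        if len(self._sent) < self.limit:
            self._sent.append(now)
            return True
        self.suppressed += 1
        return False


class InitiatorState:
    """Hypothetical agent-side state for one initiator node."""

    def __init__(self):
        self.login_failures = 0            # stands in for a login stats counter
        self.last_failure_time = 0         # zero: no failure has occurred
        self.last_failure_type = "0.0"     # iscsiIntrLastFailureType
        self.last_tgt_failure_name = ""    # iscsiIntrLastTgtFailureName
        self.throttle = NotificationThrottle()
        self.sent = []                     # (time, target) of sent notifications

    def record_login_failure(self, now, target_name, failure_type="0.0"):
        # Counters and last-failure attributes change on every failure, so a
        # poll still shows what a suppressed notification would have carried.
        self.login_failures += 1
        self.last_failure_time = now
        self.last_failure_type = failure_type
        self.last_tgt_failure_name = target_name
        if self.throttle.allow(now):
            self.sent.append((now, target_name))
            return True
        return False


def replay(times, target_name="iqn.2002-11.example.com:tgt1"):
    """Feed constructed failure times through a fresh InitiatorState."""
    state = InitiatorState()
    for t in times:
        state.record_login_failure(t, target_name)
    return state


def sliding_sent(times):
    return [t for t, _ in replay(times).sent]


def fixed_bucket_sent(times, limit=MAX_NOTIFICATIONS, window=WINDOW_SECONDS):
    """Naive limiter that resets its count at each window boundary."""
    sent, bucket, count = [], None, 0
    for t in times:
        b = int(t // window)
        if b != bucket:
            bucket, count = b, 0
        if count < limit:
            count += 1
            sent.append(t)
    return sent


def max_in_any_window(sent_times, window=WINDOW_SECONDS):
    """Largest number of sends inside any window starting at a send."""
    return max((sum(1 for t in sent_times if s <= t < s + window)
                for s in sent_times), default=0)


# Constructed failure times in seconds: a burst, then stragglers.
BURST = [100.0 + 0.5 * i for i in range(8)] + [109.9, 110.0, 110.2, 112.0, 125.0]
# Constructed times that straddle a fixed 10-second boundary at t=110.
STRADDLE = [108.0, 108.5, 109.0, 110.0, 110.5, 111.0]

if __name__ == "__main__":
    st = replay(BURST)
    print("failures counted:", st.login_failures)
    print("notifications sent at:", [t for t, _ in st.sent])
    print("suppressed:", st.throttle.suppressed)
    print("fixed bucket, worst window:", max_in_any_window(fixed_bucket_sent(STRADDLE)))
    print("sliding window, worst window:", max_in_any_window(sliding_sent(STRADDLE)))
```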
STATUS current
DESCRIPTION
"Maximum version number of the iSCSI specification supported
by this instance."
::= { iscsiInstanceAttributesEntry 4 }
iscsiInstVendorID OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"An octet string describing the manufacturer of the
implementation of this instance."
::= { iscsiInstanceAttributesEntry 5 }
iscsiInstVendorVersion OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"An octet string set by the manufacturer describing the
version of the implementation of this instance. The
format of this string is determined solely by the
manufacturer, and is for informational purposes only.
It is unrelated to the iSCSI specification version numbers."
::= { iscsiInstanceAttributesEntry 6 }
iscsiInstPortalNumber OBJECT-TYPE
SYNTAX Unsigned32
UNITS "transport endpoints"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of rows in the iscsiPortalAttributesTable
which are currently associated with this iSCSI instance."
::= { iscsiInstanceAttributesEntry 7 }
iscsiInstNodeNumber OBJECT-TYPE
SYNTAX Unsigned32
UNITS "Internet Network Addresses"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of rows in the iscsiNodeAttributesTable
which are currently associated with this iSCSI instance."
::= { iscsiInstanceAttributesEntry 8 }
iscsiInstSessionNumber OBJECT-TYPE
SYNTAX Unsigned32
UNITS "sessions"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of rows in the iscsiSessionAttributesTable
which are currently associated with this iSCSI instance."
::= { iscsiInstanceAttributesEntry 9 }
iscsiInstSsnFailures OBJECT-TYPE
SYNTAX Counter32
UNITS "sessions"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object counts the number of times a session belonging
to this instance has been failed."
::= { iscsiInstanceAttributesEntry 10 }
iscsiInstLastSsnFailureType OBJECT-TYPE
SYNTAX AutonomousType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The counter object in the iscsiInstSsnErrorStatsTable
that was incremented when the last session failure occurred.
If the reason for failure is not found in the
iscsiInstSsnErrorStatsTable, the value { 0.0 } is
used instead."
::= { iscsiInstanceAttributesEntry 11 }
iscsiInstLastSsnRmtNodeName OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"An octet string describing the name of the remote node
from the failed session."
::= { iscsiInstanceAttributesEntry 12 }
-- Instance Session Failure Stats Table
iscsiInstanceSsnErrorStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF IscsiInstanceSsnErrorStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
iscsiNodeName SnmpAdminString,
iscsiNodeAlias SnmpAdminString,
iscsiNodeRoles BITS,
iscsiNodeTransportType RowPointer,
iscsiNodeInitialR2T TruthValue,
iscsiNodeImmediateData TruthValue,
iscsiNodeMaxOutstandingR2T INTEGER,
iscsiNodeFirstBurstLength INTEGER,
iscsiNodeMaxBurstLength INTEGER,
iscsiNodeMaxConnections INTEGER,
iscsiNodeDataSequenceInOrder TruthValue,
iscsiNodeDataPDUInOrder TruthValue,
iscsiNodeDefaultTime2Wait INTEGER,
iscsiNodeDefaultTime2Retain INTEGER,
iscsiNodeErrorRecoveryLevel INTEGER
}
iscsiNodeIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..4294967295)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An arbitrary integer used to uniquely identify a particular
node within an iSCSI instance present on the local system."
::= { iscsiNodeAttributesEntry 1 }
iscsiNodeName OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A character string that is a globally unique identifier for
this iSCSI node. The node name is independent of the location
of the node, and can be resolved into a set of addresses
through various discovery services."
::= { iscsiNodeAttributesEntry 2 }
iscsiNodeAlias OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A character string that is a human-readable name or
description of the iSCSI node. If configured, this alias
may be communicated to the initiator or target node at
the remote end of the connection during a Login Request
or Response message. This string is not used as an
identifier, but can be displayed by the system's user
interface in a list of initiators and/or targets to
which it is connected.
If no alias is configured, this object is a zero-length
string."
::= { iscsiNodeAttributesEntry 3 }
iscsiNodeRoles OBJECT-TYPE
SYNTAX BITS {
targetTypeNode(0),
initiatorTypeNode(1)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A node can operate in one or both of two roles:
a target role and/or an initiator role. If the node
will operate in both roles, both bits must be set.
When a new iscsiNodeAttributesEntry is to be created,
the agent should use this object as a hint for the
creation of a new iscsiTargetAttributesEntry and/or
iscsiInitiatorAttributesEntry."
::= { iscsiNodeAttributesEntry 4 }
iscsiNodeTransportType OBJECT-TYPE
SYNTAX RowPointer
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A pointer to the corresponding scsiTrnspt object in
the SCSI MIB (which in turn points to this iSCSI node)
allowing management stations to locate the SCSI-level
Device that is represented by this iscsiNode."
REFERENCE
"SCSI-MIB"
::= { iscsiNodeAttributesEntry 5 }
iscsiNodeInitialR2T OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates the InitialR2T preference for this
node:
True = YES,
False = will try to negotiate NO, will accept YES "
DEFVAL { true }
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The timestamp of the most recent failure of a login attempt
from this initiator. A value of zero indicates that no such
failures have occurred."
::= { iscsiInitiatorAttributesEntry 2 }
iscsiIntrLastFailureType OBJECT-TYPE
SYNTAX AutonomousType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of the most recent failure of a login attempt
from this initiator, represented as the OID of the counter
object in iscsiInitiatorLoginStatsTable for which the
relevant instance was incremented. A value of 0.0
indicates a type which is not represented by any of
the counters in iscsiInitiatorLoginStatsTable."
::= { iscsiInitiatorAttributesEntry 3 }
iscsiIntrLastTgtFailureName OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"An octet string giving the name of the target that failed
the last login attempt."
::= { iscsiInitiatorAttributesEntry 4 }
iscsiIntrLastTgtFailureAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of Internet Network Address in
iscsiIntrLastTgtFailureAddr."
DEFVAL { ipv4 }
::= { iscsiInitiatorAttributesEntry 5 }
iscsiIntrLastTgtFailureAddr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"An Internet Network Address giving the host address of the
target that failed the last login attempt."
::= { iscsiInitiatorAttributesEntry 6 }
within this iSCSI instance to an external
target."
::= { iscsiSessionAttributesEntry 2 }
iscsiSsnInitiatorName OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"If iscsiSsnDirection is Inbound, this object is an
octet string that will contain the name of the remote
initiator. If this session is a discovery session that
does not specify a particular initiator, this object
will contain a zero-length string.
If iscsiSsnDirection is Outbound, this object will
contain a zero-length string."
::= { iscsiSessionAttributesEntry 3 }
iscsiSsnTargetName OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"If iscsiSsnDirection is Outbound, this object is an
octet string that will contain the name of the remote
target. If this session is a discovery session that
does not specify a particular target, this object will
contain a zero-length string.
If iscsiSsnDirection is Inbound, this object will
contain a zero-length string."
::= { iscsiSessionAttributesEntry 4 }
iscsiSsnTSIH OBJECT-TYPE
SYNTAX INTEGER (1..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The target-defined identification handle for this session."
::= { iscsiSessionAttributesEntry 5 }
iscsiSsnISID OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(6))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The initiator-defined portion of the iSCSI Session ID."
::= { iscsiSessionAttributesEntry 6 }
iscsiSsnInitiatorAlias OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"An octet string that gives the alias communicated by the
initiator end of the session during the login phase.
If no alias exists, the value is a zero-length string."
::= { iscsiSessionAttributesEntry 7 }
iscsiSsnTargetAlias OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"An octet string that gives the alias communicated by the
target end of the session during the login phase.
If no alias exists, the value is a zero-length string."
::= { iscsiSessionAttributesEntry 8 }
iscsiSsnInitialR2T OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"If set to true, indicates that the initiator must wait
for an R2T before sending to the target. If set to false,
the initiator may send data immediately, within limits set
by iscsiSsnFirstBurstLength and the expected data transfer
length of the request.
Default is true."
::= { iscsiSessionAttributesEntry 9 }
iscsiSsnImmediateData OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates whether the initiator and target have agreed to
support immediate data on this session."
::= { iscsiSessionAttributesEntry 10 }
iscsiSsnType OBJECT-TYPE

particular connection of a particular session within
an iSCSI instance present on the local system."
::= { iscsiConnectionAttributesEntry 1 }
iscsiCxnCid OBJECT-TYPE
SYNTAX INTEGER (1..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The iSCSI Connection ID for this connection."
::= { iscsiConnectionAttributesEntry 2 }
iscsiCxnState OBJECT-TYPE
SYNTAX INTEGER {
login(1),
full(2),
logout(3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current state of this connection, from an iSCSI negotiation
point of view. Here are the states:
login - The transport protocol connection has been established,
but a valid iSCSI login response with the final bit set
has not been sent or received.
full - A valid iSCSI login response with the final bit set
has been sent or received.
logout - A valid iSCSI logout command has been sent or
received, but the transport protocol connection has
not yet been closed."
::= { iscsiConnectionAttributesEntry 3 }
iscsiCxnLocalAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of Internet Network Address in iscsiCxnLocalAddr."
DEFVAL { ipv4 }
::= { iscsiConnectionAttributesEntry 4 }
iscsiCxnLocalAddr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION

"This group is mandatory for all iSCSI implementations
that can support Counter64 data types."
GROUP iscsiSessionLCOctetStatsGroup
DESCRIPTION
"This group is mandatory for all iSCSI implementations
that provide information to SNMPv1-only applications;
this includes agents that cannot support Counter64
data types."
-- Conditionally mandatory groups to be included with
-- the mandatory groups when the implementation has
-- iSCSI target facilities.
GROUP iscsiTgtPortalAttributesGroup
DESCRIPTION
"This group is mandatory for all iSCSI implementations
that have iSCSI target facilities."
GROUP iscsiTargetAttributesGroup
DESCRIPTION
"This group is mandatory for all iSCSI implementations
that have iSCSI target facilities."
GROUP iscsiTargetLoginStatsGroup
DESCRIPTION
"This group is mandatory for all iSCSI implementations
that have iSCSI target facilities."
GROUP iscsiTargetLogoutStatsGroup
DESCRIPTION
"This group is mandatory for all iSCSI implementations
that have iSCSI target facilities."
GROUP iscsiTgtLgnNotificationsGroup
DESCRIPTION
"This group is mandatory for all iSCSI implementations
that have iSCSI target facilities."
GROUP iscsiTargetAuthGroup
DESCRIPTION
"This group is mandatory for all iSCSI implementations
that have iSCSI target facilities."
-- Conditionally mandatory groups to be included with
-- the mandatory groups when the implementation has
-- iSCSI initiator facilities.
GROUP iscsiIntrPortalAttributesGroup
DESCRIPTION
"This group is mandatory for all iSCSI implementations
that have iSCSI initiator facilities."
GROUP iscsiInitiatorAttributesGroup
DESCRIPTION
"This group is mandatory for all iSCSI implementations
that have iSCSI initiator facilities."
GROUP iscsiInitiatorLoginStatsGroup
DESCRIPTION
"This group is mandatory for all iSCSI implementations
that have iSCSI initiator facilities."
GROUP iscsiInitiatorLogoutStatsGroup
DESCRIPTION
"This group is mandatory for all iSCSI implementations
that have iSCSI initiator facilities."
GROUP iscsiIntrLgnNotificationsGroup
DESCRIPTION
"This group is mandatory for all iSCSI implementations
that have iSCSI initiator facilities."
GROUP iscsiInitiatorAuthGroup
DESCRIPTION
"This group is mandatory for all iSCSI implementations
that have iSCSI initiator facilities."
::= { iscsiCompliances 1 }
END
5. Security Considerations
There are a number of management objects defined in this MIB that
have a MAX-ACCESS clause of read-write and/or read-create. Such
objects may be considered sensitive or vulnerable in some network
environments. The support for SET operations in a non-secure
environment without proper protection can have a negative effect on
network operations.
Information gleaned from this MIB could be used to make connections
to the iSCSI targets it represents. However, it is the
responsibility of the initiators and targets involved to authenticate
each other to ensure that an inappropriately advertised or discovered
initiator or target does not compromise their security. These issues
are discussed in [ISCSI].
SNMPv1 by itself is not a secure environment. Even if the network
itself is secure (for example by using IPsec), there is still no
control as to who on the secure network is allowed to access and
GET/SET (read/change/create/delete) the objects in this MIB.
It is recommended that the implementors consider the security
features as provided by the SNMPv3 framework. Specifically, the use
of the User-based Security Model RFC 2574 [RFC2574] and the View-
based Access Control Model RFC 2575 [RFC2575] is recommended.
It is then a customer/user responsibility to ensure that the SNMP
entity giving access to an instance of this MIB is properly
configured to give access to the objects only to those principals
(users) that have legitimate rights to GET or SET
(change/create/delete) them.
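The following is an added example, not part of the draft: a Python script that lists the objects in SMIv2 module text whose MAX-ACCESS is read-write or read-create, so an operator can decide which ones a VACM write view should leave out. The sample embeds iscsiSsnTSIH from this MIB plus two hypothetical objects (exampleWritableObject, exampleRowStatus), and it assumes every definition has the OBJECT-TYPE ... ::= { parent n } shape used in this module.

```python
import re

# Constructed sample in SMIv2 syntax. iscsiSsnTSIH is copied from this MIB;
# exampleWritableObject and exampleRowStatus are hypothetical, for illustration.
SAMPLE_MIB = '''
iscsiSsnTSIH OBJECT-TYPE
    SYNTAX INTEGER (1..65535)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
        "The target-defined identification handle for this session."
    ::= { iscsiSessionAttributesEntry 5 }
exampleWritableObject OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION
        "Hypothetical. A ::= { x 9 } inside quoted text must be ignored."
    ::= { exampleEntry 1 }
exampleRowStatus OBJECT-TYPE
    SYNTAX RowStatus
    MAX-ACCESS read-create
    STATUS current
    DESCRIPTION "Hypothetical row-creation object."
    ::= { exampleEntry 2 }
'''

WRITABLE = {"read-write", "read-create"}
OBJECT_RE = re.compile(
    r'^\s*([a-z][A-Za-z0-9-]*)\s+OBJECT-TYPE\b(.*?)'
    r'::=\s*\{\s*([A-Za-z0-9-]+)\s+(\d+)\s*\}', re.S | re.M)

def strip_quoted(text):
    """Blank out quoted strings so DESCRIPTION text cannot end a match early."""
    return re.sub(r'"[^"]*"', '""', text)

def settable_objects(mib_text):
    """Return (name, max_access, parent, sub_id) for each object SET can modify."""
    found = []
    for name, body, parent, sub_id in OBJECT_RE.findall(strip_quoted(mib_text)):
        access = re.search(r'\bMAX-ACCESS\s+([a-z-]+)', body)
        if access and access.group(1) in WRITABLE:
            found.append((name, access.group(1), parent, int(sub_id)))
    return found

if __name__ == "__main__":
    for name, access, parent, sub_id in settable_objects(SAMPLE_MIB):
        print(f"{name:24} {access:12} {{ {parent} {sub_id} }}")
```

Run against the full module text, the returned list is the set of objects to review before granting any principal write access.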
6. Normative References
[ISCSI] J. Satran, et al., "iSCSI", draft-ietf-ips-iSCSI-18,
October 2002.
[RFC2571] D. Harrington, R. Presuhn, and B. Wijnen, "An Architecture
for Describing SNMP Management Frameworks", RFC 2571, April
1999.
[RFC1155] M. Rose and K. McCloghrie, "Structure and Identification of
Management Information for TCP/IP-based Internets", STD 16,
RFC 1155, May 1990.
[RFC1212] M. Rose and K. McCloghrie, "Concise MIB Definitions", STD
16, RFC 1212, March 1991.
[RFC2578] K. McCloghrie, D. Perkins, J. Schoenwaelder, J. Case, M.
Rose, and S. Waldbusser, "Structure of Management
Information Version 2 (SMIv2)", STD 58, RFC 2578, April
1999.
[RFC1215] M. Rose, "A Convention for Defining Traps for use with the
SNMP", RFC 1215, March 1991.
[RFC2579] K. McCloghrie, D. Perkins, J. Schoenwaelder, J. Case, M.
Rose, and S. Waldbusser, "Textual Conventions for SMIv2",
STD 58, RFC 2579, April 1999.

Jim Muchow
Postal: Cisco Systems, Inc
6450 Wedgwood Road, Suite 130
Maple Grove, MN
USA 55311
Tel: +1 763-398-1000
Fax: +1 763-398-1001
E-mail: jmuchow@cisco.com"
9. Full Copyright Notice
Copyright (C) The Internet Society (2001). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.